public void UtcCreationDateConvertsToUniversal()
{
IReplayProtectedProtocolMessage responseReplay = this.response;
DateTime local = DateTime.Parse("1982-01-01", CultureInfo.InvariantCulture, DateTimeStyles.AssumeLocal);
if (local.Kind != DateTimeKind.Local)
{
Assert.Inconclusive("Test cannot manage to create a local time.");
}
responseReplay.UtcCreationDate = local;
DateTime utcCreationDate = responseReplay.UtcCreationDate;
Assert.AreEqual(DateTimeKind.Utc, utcCreationDate.Kind, "Local time should have been converted to universal time.");
Assert.AreNotEqual(local.Hour, utcCreationDate.Hour, "The hour was expected to change (unless local time _is_ UTC time for this PC!)");
// Now try setting UTC time just to make sure it DOESN'T mangle the hour
if (this.creationDate.Kind != DateTimeKind.Utc)
{
Assert.Inconclusive("We need a UTC datetime to set with.");
}
responseReplay.UtcCreationDate = this.creationDate;
utcCreationDate = responseReplay.UtcCreationDate;
Assert.AreEqual(DateTimeKind.Utc, utcCreationDate.Kind);
Assert.AreEqual(this.creationDate.Hour, utcCreationDate.Hour, "The hour should match since both times are UTC time.");
}
/// <summary>
/// Performs any transformation on an incoming message that may be necessary and/or
/// validates an incoming message based on the rules of this channel binding element.
/// </summary>
/// <param name="message">The incoming message to process.</param>
/// <returns>
/// The protections (if any) that this binding element applied to the message.
/// Null if this binding element did not even apply to this binding element.
/// </returns>
/// <exception cref="ProtocolException">
/// Thrown when the binding element rules indicate that this message is invalid and should
/// NOT be processed.
/// </exception>
/// <remarks>
/// Implementations that provide message protection must honor the
/// <see cref="MessagePartAttribute.RequiredProtection"/> properties where applicable.
/// </remarks>
public MessageProtections?ProcessIncomingMessage(IProtocolMessage message)
{
IndirectSignedResponse response = message as IndirectSignedResponse;
if (this.UseRequestNonce(response))
{
if (!response.ReturnToParametersSignatureValidated)
{
Logger.OpenId.Error("Incoming message is expected to have a nonce, but the return_to parameter is not signed.");
}
string nonceValue = response.GetReturnToArgument(NonceParameter);
ErrorUtilities.VerifyProtocol(
nonceValue != null && response.ReturnToParametersSignatureValidated,
this.securitySettings.RejectUnsolicitedAssertions ? OpenIdStrings.UnsolicitedAssertionsNotAllowed : OpenIdStrings.UnsolicitedAssertionsNotAllowedFrom1xOPs);
CustomNonce nonce = CustomNonce.Deserialize(nonceValue);
DateTime expirationDate = nonce.CreationDateUtc + MaximumMessageAge;
if (expirationDate < DateTime.UtcNow)
{
throw new ExpiredMessageException(expirationDate, message);
}
IReplayProtectedProtocolMessage replayResponse = response;
if (!this.nonceStore.StoreNonce(replayResponse.NonceContext, nonce.RandomPartAsString, nonce.CreationDateUtc))
{
Logger.OpenId.ErrorFormat("Replayed nonce detected ({0} {1}). Rejecting message.", replayResponse.Nonce, replayResponse.UtcCreationDate);
throw new ReplayedMessageException(message);
}
return(MessageProtections.ReplayProtection);
}
return(null);
}
public override void SetUp() {
base.SetUp();
this.protocol = Protocol.Default;
this.nonceStore = new NonceMemoryStore(TimeSpan.FromHours(3));
this.nonceElement = new StandardReplayProtectionBindingElement(this.nonceStore);
this.nonceElement.Channel = new Mocks.TestChannel();
this.message = new TestReplayProtectedMessage();
this.message.UtcCreationDate = DateTime.UtcNow;
}
public void ResponseNonceGetter()
{
IReplayProtectedProtocolMessage responseReplay = this.response;
responseReplay.Nonce = "UnIqUe";
responseReplay.UtcCreationDate = this.creationDate;
Assert.AreEqual(CreationDateString + "UnIqUe", this.response.ResponseNonceTestHook);
Assert.AreEqual("UnIqUe", responseReplay.Nonce);
Assert.AreEqual(this.creationDate, responseReplay.UtcCreationDate);
}
public override void SetUp()
{
base.SetUp();
this.protocol = Protocol.Default;
this.nonceStore = new NonceMemoryStore(TimeSpan.FromHours(3));
this.nonceElement = new StandardReplayProtectionBindingElement(this.nonceStore);
this.nonceElement.Channel = new Mocks.TestChannel();
this.message = new TestReplayProtectedMessage();
this.message.UtcCreationDate = DateTime.UtcNow;
}
//shuo:end
/// <summary>
/// Applies a nonce to the message.
/// </summary>
/// <param name="message">The message to apply replay protection to.</param>
/// <param name="cancellationToken">The cancellation token.</param>
/// <returns>
/// The protections (if any) that this binding element applied to the message.
/// Null if this binding element did not even apply to this binding element.
/// </returns>
public Task <MessageProtections?> ProcessOutgoingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken)
{
IReplayProtectedProtocolMessage nonceMessage = message as IReplayProtectedProtocolMessage;
if (nonceMessage != null)
{
nonceMessage.Nonce = this.GenerateUniqueFragment();
return(CompletedReplayProtectionTask);
}
return(NullTask);
}
public void ResponseNonceGetter()
{
var responseAccessor = IndirectSignedResponse_Accessor.AttachShadow(this.response);
IReplayProtectedProtocolMessage responseReplay = this.response;
responseReplay.Nonce = "UnIqUe";
responseReplay.UtcCreationDate = this.creationDate;
Assert.AreEqual(CreationDateString + "UnIqUe", responseAccessor.ResponseNonce);
Assert.AreEqual("UnIqUe", responseReplay.Nonce);
Assert.AreEqual(this.creationDate, responseReplay.UtcCreationDate);
}
/// <summary>
/// Applies a nonce to the message.
/// </summary>
/// <param name="message">The message to apply replay protection to.</param>
/// <returns>
/// The protections (if any) that this binding element applied to the message.
/// Null if this binding element did not even apply to this binding element.
/// </returns>
public MessageProtections?ProcessOutgoingMessage(IProtocolMessage message)
{
IReplayProtectedProtocolMessage nonceMessage = message as IReplayProtectedProtocolMessage;
if (nonceMessage != null)
{
nonceMessage.Nonce = this.GenerateUniqueFragment();
return(MessageProtections.ReplayProtection);
}
return(null);
}
/// <summary>
/// Applies a nonce to the message.
/// </summary>
/// <param name="message">The message to apply replay protection to.</param>
/// <returns>True if the message protection was applied. False otherwise.</returns>
public bool PrepareMessageForSending(IProtocolMessage message)
{
IReplayProtectedProtocolMessage nonceMessage = message as IReplayProtectedProtocolMessage;
if (nonceMessage != null)
{
nonceMessage.Nonce = this.GenerateUniqueFragment();
return(true);
}
return(false);
}
public void ResponseNonceSetter()
{
const string HybridValue = CreationDateString + "UNIQUE";
IReplayProtectedProtocolMessage responseReplay = this.response;
this.response.ResponseNonceTestHook = HybridValue;
Assert.AreEqual(HybridValue, this.response.ResponseNonceTestHook);
Assert.AreEqual(this.creationDate, responseReplay.UtcCreationDate);
Assert.AreEqual("UNIQUE", responseReplay.Nonce);
this.response.ResponseNonceTestHook = null;
Assert.IsNull(responseReplay.Nonce);
}
public void ResponseNonceSetter()
{
const string HybridValue = CreationDateString + "UNIQUE";
var responseAccessor = IndirectSignedResponse_Accessor.AttachShadow(this.response);
IReplayProtectedProtocolMessage responseReplay = this.response;
responseAccessor.ResponseNonce = HybridValue;
Assert.AreEqual(HybridValue, responseAccessor.ResponseNonce);
Assert.AreEqual(this.creationDate, responseReplay.UtcCreationDate);
Assert.AreEqual("UNIQUE", responseReplay.Nonce);
responseAccessor.ResponseNonce = null;
Assert.IsNull(responseReplay.Nonce);
}
/// <summary>
/// Verifies that the nonce in an incoming message has not been seen before.
/// </summary>
/// <param name="message">The incoming message.</param>
/// <returns>
/// True if the message nonce passed replay detection checks.
/// False if the message did not have a nonce that could be checked at all.
/// </returns>
/// <exception cref="ReplayedMessageException">Thrown when the nonce check revealed a replayed message.</exception>
public bool PrepareMessageForReceiving(IProtocolMessage message)
{
IReplayProtectedProtocolMessage nonceMessage = message as IReplayProtectedProtocolMessage;
if (nonceMessage != null && nonceMessage.Nonce != null)
{
ErrorUtilities.VerifyProtocol(nonceMessage.Nonce.Length > 0 || this.AllowZeroLengthNonce, MessagingStrings.InvalidNonceReceived);
if (!this.nonceStore.StoreNonce(nonceMessage.Nonce, nonceMessage.UtcCreationDate))
{
throw new ReplayedMessageException(message);
}
return(true);
}
return(false);
}
public Task <MessageProtections?> ProcessIncomingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken)
{
IReplayProtectedProtocolMessage nonceMessage = message as IReplayProtectedProtocolMessage;
if (nonceMessage != null && nonceMessage.Nonce != null)
{
ErrorUtilities.VerifyProtocol(nonceMessage.Nonce.Length > 0 || this.AllowZeroLengthNonce, MessagingStrings.InvalidNonceReceived);
if (!this.nonceStore.StoreNonce(nonceMessage.NonceContext, nonceMessage.Nonce, nonceMessage.UtcCreationDate))
{
Logger.OpenId.ErrorFormat("Replayed nonce detected ({0} {1}). Rejecting message.", nonceMessage.Nonce, nonceMessage.UtcCreationDate);
throw new ReplayedMessageException(message);
}
return(CompletedReplayProtectionTask);
}
return(NullTask);
}
